U.S. retailers a top target for cyberattacks, report says

Tuesday

Cyberattacks that expose sensitive consumer information continue to be a major problem for big businesses such as retailers, according to a new report.

That report, from Thales, indicates that 62% of retailers say they've experienced a data breach at some point in time, with 37% saying they had a breach within the past year.

The list of well-known firms that have publicly reported cyberattacks includes Door Dash, Equifax, Home Depot, Marriott, Target and TJX Cos., owner of Home Goods, Marshalls and T.J. Maxx.

Charles Goldberg, vice president of data protection product marketing at Thales, says it's easy to understand why retailers are such an attractive target for hackers.

"Retail is an industry that holds a lot of data," he said. "Retail is also going through a tremendous digital transformation, which means more sensitive data is out there."

The data retailers hold includes "what people buy, what they're interested in, shopping habits, how they're using mobile apps and more," according to Leslie Hand, GVP of IDC Retail Insights.

“When this data is coupled with the payment information retailers also collect, you've got a perfect storm that creates very lucrative opportunities for cybercriminals," she said. "Securing data in this environment is increasingly complicated and retail organizations must be vigilant in protecting against new security loopholes.”

Cyberattacks are costly to investigate and remedy. They can seriously damage a firm's reputation with shoppers and diners. That's why many firms — 62% to be exact — told Thales they planned to increase spending on security measures. Still, though, that's down from 84% just a year ago.

As retailers race to stay ahead of the pack when it comes to technology, Goldberg says errors can be made, creating opportunities for hackers to exploit vulnerabilities. Sometimes the data is exposed for just a short period of time, while in other cases it sits out there for a year or more. That's why Goldberg believes security spending is so crucial.

"You're going into these new environments and don't necessarily understand them," he said. "People make mistakes."

He reminds retailers that modern encryption "is very low overhead," an expense that's worth it if it means preventing the headaches associated with a breach, such as having to provide credit monitoring and dealing with lawsuits.

Goldberg says consumers can take a number of steps to reduce the chances of having their sensitive information, such as credit card numbers, floating around on the dark web. He suggests using one-time credit card numbers for online purchases, or pin-and-chip technology in stores.

If you hear of a breach, he believes "it'd be a wise choice to take your business elsewhere for some period of time."

"So many companies have been breached multiple times," he said. "Data breach and privacy laws are helping. We do see movement in the right direction, but there's still a lot of room for improvement."